Try our new research platform with insights from 80,000+ expert users
it_user347157 - PeerSpot reviewer
Security Analyst at a retailer with 1,001-5,000 employees
Vendor
We're able to defend against unauthorized access to the network, thus distinguishing between corporate users and guests. But, detection and control of dual-homed devices needs improvement.

What is most valuable?

This product provided a really good effect in terms of network access control. With the ForeScout NAC, distinguishing guests and corporate staff was easier.

This was very easy to achieve since the product integrates really well with Active Directory and the NMAP feature discovers all endpoints within the network.

How has it helped my organization?

With the use of the NAC solution from ForeScout, the company was able to defend against unauthorized access to the network, thereby thoroughly distinguishing who is a Corporate user and who is a Guest. Process for Guest Registration (if implemented properly) was also easy.

What needs improvement?

Detection and control of Dual-Homed devices needs to be improved, as the product sometimes gives false positives. Also, more custom policies should be made available.

For how long have I used the solution?

I used this solution for 14 months.

Buyer's Guide
Forescout Platform
November 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.

What was my experience with deployment of the solution?

There were issues of false positives whenever a new hotfix was installed even with the GA release. There was actually an issue where an upgrade to a new version of the hotfix plugin increased the CPU optimization and network bandwidth usage.

What do I think about the scalability of the solution?

ForeScout is scalable since a management device is available to manage other CT boxes.

How are customer service and support?

Technical support from ForeScout is pretty good, with escalations made promptly when needed.

Which solution did I use previously and why did I switch?

No previous solution.

How was the initial setup?

The initial setup was straightforward, as the steps were simple to understand. It only got complex when creating policies that are not simple.

What about the implementation team?

I worked for a vendor team, and for any client ready to implement this product, I would recommend that the necessary requirements for deployment should be done before the team arrives to start implementation. This makes deployment less stressful.

Which other solutions did I evaluate?

No other options were evaluated.

What other advice do I have?

If you are looking for a NAC solution which works without the use of agents, I would say ForeScout is the one to go for.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at a tech services company with 51-200 employees
Consultant
Mainly for visibility and control and integrates with various firewalls and other system security solutions, but OT side is still being developed
Pros and Cons
  • "Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."
  • "When we automate an email to send to a user, sometimes it gets blocked, but that has nothing to do with Forescout. It depends on the mail gateway that we use or integrate with."

What is our primary use case?

The use case is for a compliance check for the users who get into your organization. We identify the host for Windows PC, Mac, Linux, and servers. These are some of the use cases for user control and policy management. Some of the other use cases are to kill some applications and peer-to-peer applications. It's mainly for visibility and control, and we also integrate with various firewalls and other system security solutions. For example, LogRhythm, Splunk, Qreader, McAfee Orchestrator, and Trend Micro.

I work on multiple technologies and security technology. The solution is deployed on-premise. We don't use it for our own company. We are the system integrators and we deploy for various customers across the region we work with and we deploy most of the verticals.

What is most valuable?

This is far better than any other Mac solution. Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly.

What needs improvement?

When we automate an email to send to a user, sometimes it gets blocked, but that has nothing to do with Forescout. It depends on the mail gateway that we use or integrate with.

They already support some 63,000 plus vendor models. They are also upgrading it, and they have two million plus devices in a single deployment. Maybe there are some legacy tools with support. I know they're working very hard on the OT infrastructure and OT side of integration, but I'm not into OT side.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

I don't see any issue with stability. I'm not hearing from any customers who are reporting any issues about stability. They are mostly looking for compliance and operation security.

What do I think about the scalability of the solution?

The solution is absolutely scalable.

How are customer service and support?

Technical support is good. I don't see any issues. The type of support you get depends on the contract that you sign. They're timely and the support is good.

How was the initial setup?

The amount of time it takes for deployment depends on how many branches you have, whether it's a central deployment or a hybrid. It depends on how you want to use the solution. It varies but if it is only central deployment for a couple of branches, we can do it in a minimum of one month.

The number of people it takes for deployment just depends. One engineer can do it, but you also need support from the customer. You should have very good system administrators, or some network engineers to support you in terms of various authentication integrations. There should be a minimum of one from the deployment side, two from the customer side.

What other advice do I have?

I would rate this solution 7 out of 10. I'm not sure about the OT side, but the visibility, control, orchestration, dashboard, and reporting are all good.

My advice is that you really need to understand the prerequisites of the use cases if you want to deploy the solution. You should also understand what kind of services they should open and the security rules—a firewall. They should have a clear understanding of how it is being designed and the architecture. If you know, it's easy for deployment, otherwise you will get stuck.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Forescout Platform
November 2024
Learn what your peers think about Forescout Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Product Manager - IT Security at a tech services company with 11-50 employees
Real User
You can configure granular controls just as you want those policies to be implemented
Pros and Cons
  • "Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it."
  • "I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy."

What is our primary use case?

Our primary use case is for device compliance and access control.

What is most valuable?

Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it. 

The pricing, technical support, stability, scalability, initial set up, interface, dashboards, management, and monitoring are fantastic. They are excellent. 

The licensing of the solution is pretty simple. The process of deploying the solution is pretty straightforward. The dashboard, in terms of monitoring and management, is pretty simple. Maybe because I have a very robust technological background is why I don't struggle with these things. In terms of management, deployment, and support, although I really don't require their support, so far, so good.

What needs improvement?

Truth be told, I'm good with it. I'm yet to have something with the solution that I don't feel comfortable with. It's fine. I've not seen a cause or a reason why I should want something to be changed, but that doesn't take out the fact that there's always room for improvement. What I would love to see is a situation where my Forescout can integrate with different security technologies. Where it can share contextual information bidirectionally. I had written to Forescout about this and they told me they have that functionality already. So I think that settles it. They can share device context with the security technology and that technology can also be shared with Forescout. To build a form of connective strategy towards security. They have a dedicated module for the security technology I'm concerned about.

But with that software, I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy I talked about. So far, it's good. It meets my requirements that I had concern about.

For how long have I used the solution?

I have been using Forescout Platform for one year.

What do I think about the scalability of the solution?

In terms of scalability, my deployment architecture is central, so it scales with respect to the number of devices I have to add to my network. The licensing is based on the number of devices you have currently with regards to the future growth in the number of connected devices to your IT network or to your IT infrastructure. That gives you room to scale. So if I know that in the next two years, I would have an additional 50 or 100 users connecting to my network, either directly or remotely, I go for an appliance that accommodates that growth. Which is what I currently have.

So there's room to scale. Then the licensing is based on the number of devices you have currently. So if I have more devices come to my network, I can just acquire more licenses to take care of them. So I think that's fine.

How are customer service and technical support?

I've been very conversant with the technology for areas where I've experienced some challenges and I had to fix it up myself, but it's straightforward.

In terms of support, I've had to reach out to technical support. He was readily available and we made progress. So support is also good. My experience so far has been good. That's why I told you earlier that it's difficult for me to really point to somewhere where I could make an improvement.

What other advice do I have?

On a scale of one to ten I would give Forescout Platform a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1297917 - PeerSpot reviewer
Chief Executive Officer at a tech services company with 11-50 employees
Consultant
Offers full visibility of devices in the local network but is pricey
Pros and Cons
  • "We really like that we get full visibility of devices in the local network."
  • "It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch."

What is our primary use case?

To find out what devices are in the network for our clients. We manage client's networks, so we have it on the client's network and they use it so they can make sure they know who's on the network and if it's secure.

What is most valuable?

We really like that we get full visibility of devices in the local network.

What needs improvement?

It could be better, they could work on the wide-area network and easier because it's a bit clumsy at the moment when we go on to a remote site. It works well in the head office but we've had challenges trying to install it across other sites. So pricing and support for branch offices. The interface is okay for the local office, but it's hard to get visibility from remote branches.

For how long have I used the solution?

We have been using the Forescout Device and Visibility Control Platform for about two years.

What do I think about the stability of the solution?

The Forescout Platform is very stable.

What do I think about the scalability of the solution?

It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch.

How are customer service and technical support?

We have used technical support, it's been fine.

How was the initial setup?

The initial setup of Forescout Device and Visibility Control Platform is fairly complex.

What's my experience with pricing, setup cost, and licensing?

The Forescout Device and Visibility Control Platform is quite expensive. I would recommend it depending on the environment, but I would tell them to look at things that depend on their environment. There is other software as well.

What other advice do I have?

I would rate the Forescout Device and Visibility Control Platform at a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network System Administrator at Compugraf
Real User
We now know how many devices are connected and what the use for each device is
Pros and Cons
  • "The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment."
  • "They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment."

How has it helped my organization?

The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment.

What is most valuable?

I can create granular policies. This is amazing. I really appreciate the granularity to create policies.

What needs improvement?

They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment.

The interface of this solution and the integration part needs improvement. The difference between the 7th and the 8th version is the dashboard. They should improve it. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

We never had a problem with this product. It has worked very well.

What do I think about the scalability of the solution?

It's very simple to scale and to implement more devices and licenses. It's easy to grow.

How are customer service and technical support?

We haven't had to use their technical support. 

Which solution did I use previously and why did I switch?

We switched because ForeScout is the best tool for Mac. 

How was the initial setup?

The initial setup was very easy, very simple to deploy. We didn't have problems or difficulties with the implementation.

Which other solutions did I evaluate?

We also looked at Fortinet. 

What other advice do I have?

I would rate this solution an eight out of ten because it's the best solution. 

I would advise someone considering this or a similar solution to make sure that the solution works with a lot of vendors. Choose a product that doesn't change your environment.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
PeerSpot user
Network and Security Engineer at Guaranty Trust Bank Plc (GTBank)
Real User
SNMP Traps on switches is one of its most valuable features

What is our primary use case?

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

How has it helped my organization?

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

What is most valuable?

  • SNMP Traps on switches
  • Getting the MAC address of the host from the ARP table of the switch and applying policy.

What needs improvement?

  • Battled with the use of SNMP v1 instead of v2c
  • Direct web interface rather than installation of a client.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Senior Security Engineer with 51-200 employees
Vendor
The NAC engine is flexible since it doesn’t need the use of 802.1x. We use the solution to test or troubleshoot customer configurations.

Valuable Features:

The main feature, the NAC engine, is very flexible since ForeScout CounterACT doesn’t need the use of 802.1x and can work with almost all switch vendors.

Improvements to My Organization:

Since my company is a systems integrator, we have ForeScout CounterACT in our lab just to test or troubleshoot customer configurations.

Room for Improvement:

There isn’t a specific area to improve. It’s a good product from my point of view. Maybe the licensing and cost can be improved.

Deployment Issues:

No issues with deployment.

Stability Issues:

Haven't had issues with stability.

Scalability Issues:

Haven't had to scale it.

Other Advice:

Maybe test the configuration very well before enabling actions (like VLAN moving, Captive Portal), because they can cause many problems in production environments if there are configuration mistakes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user400680 - PeerSpot reviewer
VP IT Security at a financial services firm with 501-1,000 employees
Vendor
The most valuable feature for us is the visibility into all connected devices.
Pros and Cons
  • "The plugins are very robust -- the ability scanner, patch management system, and SQL integrator."
  • "The initial setup was complex."

What is most valuable?

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

How has it helped my organization?

You can query a lot of information from the connected device, including their compliance statuses.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

There have been no issues with scaling it.

How was the initial setup?

The initial setup was complex, but that was due to the nature of the network architecture.

Which other solutions did I evaluate?

We didn't look for other solutions.

What other advice do I have?

Have a clear understanding and document the network architecture before you deploy it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Forescout Platform Report and get advice and tips from experienced pros sharing their opinions.